The EU General Data Protection Regulation (GDPR) has come – and gone? Not really. Despite the deadline passing without the sky falling, GDPR is something that can’t fall off your radar. If your legal and compliance team raised the GDPR flag as something you need to address, then you should certainly be thinking long term. GDPR is not just a regulation - it is an opportunity.
New regulatory requirements are a great opening to take a closer look at controls in general. When the Sarbanes-Oxley Act hit organizations, they responded by focusing on the financial reporting processes. Over time, companies realized a strong control strategy offers benefits beyond those processes. It raised the awareness of managing not only compliance, but also managing risks to the business. GDPR can play that same type of role. While the immediate focus may be on security of personal data – the changes GDPR can bring in policies, processes and technical controls can benefit areas of your business outside of Personal Data.
What Comes after GDPR?
If your organization understands how important it is to protect personal data because of regulatory requirements, then the time is ripe to ask the question – what about other data? GDPR represents a shift in how businesses must address data governance, breach preparedness and risk and compliance management. Those controls can evolve into a better strategy across the enterprise. Take the opportunity – have the discussion.
# # #
What to learn more? Check out Evolving the Way Businesses Work in a Post-GDPR World, or read the white paper on how GDPR is affecting your future.